Lucene search
K

366 matches found

RedHat Linux
RedHat Linux
added 2009/01/12 2:24 p.m.5 views

squirrelmail: session hijacking - secure flag not set for HTTPS-only cookies

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

5CVSS5.8AI score0.02159EPSS
Exploits2References4
NVD
NVD
added 2008/12/19 5:30 p.m.17 views

CVE-2008-4122

Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

7.5CVSS7.4AI score0.01257EPSS
Exploits0References4
Cvelist
Cvelist
added 2008/12/19 5:0 p.m.25 views

CVE-2008-4122

Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

7.4AI score0.01257EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2008/12/19 12:0 a.m.7 views

PT-2008-5423 · Open Source Matters · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! version 1.5.8 Description: The issue makes it easier for remote attackers to capture the session cookie by intercepting its transmission within an http session, as the secure flag is not set for the session cookie in an https session...

7.5CVSS7.4AI score0.01257EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2008/11/11 12:0 a.m.21 views

GLSA-200811-02 : Gallery: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200811-02 Gallery: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Gallery 1 and 2: Digital Security Research Group reported a directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1,...

6.8CVSS6.1AI score0.0255EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/11/10 4:29 a.m.5 views

sISAPILocation vulnerability bypasses HTTP header rewrite function

Overview sISAPILocation, an ISAPI Internet Server Application Program Interface filter, contains a vulnerability that allows the HTTP header rewrite function to be bypassed. sISAPILocation, developed by an individual developer, is an ISAPI filter for IIS Internet Information Services...

5CVSS6.6AI score0.01477EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/11/06 12:0 a.m.21 views

JVN#67060882 sISAPILocation vulnerability bypasses HTTP header rewrite function

sISAPILocation, developed by an individual developer, is an ISAPI filter for IIS Internet Information Services. sISAPILocation contains a vulnerability that allows the HTTP header rewrite function to be bypassed. Impact When sISAPILocation is used to configure settings, such as to specify charact...

6.8AI score
Exploits0
FreeBSD
FreeBSD
added 2008/10/14 12:0 a.m.22 views

mantis -- session hijacking vulnerability

The mantis Team reports: When configuring a web application to use only ssl e. g. by forwarding all http-requests to https, a user would expect that sniffing and hijacking the session is impossible. Though, for this to be secure, one needs to set the session cookie to have the secure flag. Else t...

5CVSS6.4AI score0.01884EPSS
Exploits0References4
Prion
Prion
added 2008/09/24 2:56 p.m.19 views

Design/Logic Flaw

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

5CVSS6.3AI score0.02159EPSS
Exploits2References12Affected Software1
UbuntuCve
UbuntuCve
added 2008/09/24 2:56 p.m.29 views

CVE-2008-3663

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

5CVSS5.9AI score0.02159EPSS
Exploits2References1
Cvelist
Cvelist
added 2008/09/24 2:0 p.m.25 views

CVE-2008-3663

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

7.3AI score0.02159EPSS
Exploits2References12
NVD
NVD
added 2008/09/24 11:42 a.m.18 views

CVE-2008-3102

Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

5CVSS6.4AI score0.01884EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2008/09/24 11:42 a.m.26 views

CVE-2008-3102

Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

5CVSS5.9AI score0.01884EPSS
Exploits0References1
Cvelist
Cvelist
added 2008/09/24 10:0 a.m.32 views

CVE-2008-3102

Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...

6.2AI score0.01884EPSS
Exploits0References12
CVE
CVE
added 2008/09/24 10:0 a.m.58 views

CVE-2008-3102

CVE-2008-3102 affects MantisBT: vulnerable in Mantis 1.1.x (up to 1.1.2) and 1.2.x (up to 1.2.0a2). Root cause: the session cookie is not marked Secure in HTTPS sessions, enabling potential cookie leakage. Impact stated in sources includes session hijacking through captured cookies; other CVEs in...

5CVSS6.2AI score0.01884EPSS
Exploits0References12Affected Software1
securityvulns
securityvulns
added 2008/09/24 12:0 a.m.68 views

menalto gallery: Session hijacking vulnerability, CVE-2008-3102

menalto gallery: Session hijacking vulnerability, CVE-2008-3102 References https://vulners.com/cve/CVE-2008-3102 http://int21.de/cve/CVE-2008-3102-mantis.html http://www.mantisbt.org/bugs/view.php?id=9524 http://www.mantisbt.org/bugs/view.php?id=9533...

5CVSS5.9AI score0.01884EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2008/09/24 12:0 a.m.34 views

FreeBSD : squirrelmail -- Session hijacking vulnerability (a0afb4b9-89a1-11dd-a65b-00163e000016)

Hanno Boeck reports : When configuring a web application to use only ssl e.g. by forwarding all http-requests to https, a user would expect that sniffing and hijacking the session is impossible. Though, for this to be secure, one needs to set the session cookie to have the secure flag. Otherwise...

5CVSS5.4AI score0.02159EPSS
Exploits2References3
securityvulns
securityvulns
added 2008/09/24 12:0 a.m.74 views

Squirrelmail: Session hijacking vulnerability, CVE-2008-3663

Squirrelmail: Session hijacking vulnerability, CVE-2008-3663 References https://vulners.com/cve/CVE-2008-3663 http://int21.de/cve/CVE-2008-3663-squirrelmail.html http://enablesecurity.com/2008/08/11/surf-jack-https-will-not-save-you/ https://www.defcon.org/html/defcon-16/dc-16-speakers.htmlPerry...

5CVSS7.2AI score0.02159EPSS
Exploits2
CVE
CVE
added 2008/09/23 3:0 p.m.57 views

CVE-2008-3661

The CVE-2008-3661 entry concerns Drupal (likely affected versions 5.10 and 6.4) where the session cookie was not marked Secure in HTTPS, enabling cookie capture by remote attackers via cookie on insecure requests. OpenVAS/Fedora advisories reference updates to Drupal in Fedora 9 (e.g., drupal-6.1...

5CVSS6.1AI score0.02502EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2008/09/18 6:0 p.m.63 views

CVE-2008-3662

CVE-2008-3662 affects Gallery before 1.5.9 and 2.x before 2.2.6. Root cause: session cookies are not marked Secure in HTTPS sessions, allowing cookies to be sent over HTTP and potentially captured by remote attackers. Impact: information disclosure of the session cookie. Remediation: upgrade to G...

5CVSS6.2AI score0.01843EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder